Questions about rate limiting

Security
#1

Hello,

I’m trying the rate limiting feature and so I have some questions for not have some surprises on my next billing.

  1. If I set a filter "example.com/" , the urls from my subdomains will be counted (ex : api.example.com/, toto.example.com/*) ? I know it will not pass in the filter, but It will increment the counter of request for the billing ?
  2. If I set a filter “example.com/*” and another “example.com/test” It will be counted 2 times as a request ? One by filter ? Or only one ?
  3. Also, it’s possible to ignore assets in a filter like that by example: “example.com/*(!.js|!.css)” ?

Thank you for your great help !

#2

example.com does not match sub domains.

*example.com matches all sub-domains and the root domain.

*.example.com matches all sub-domains but not the root domain.

Your second question is related to billing.

Each request is only counted once so you will not be double charged if a request matches multiple rules.

#3

Ok perfect thanks.

Also do you know where I can find the number of requests charged for the current month ? I guess Its not in the analytics page because not all my 60 millions request passes by my rules defined in the rate limiter. Also in the “Billable usage” page there’s no statistics…
I currently dont know how much i will by billed in the end of month for the rate limiter and I cant calculate this. It’s normal ?

#4

I have another question, I have set a filter with challenge. Some one know if the users dont pass the challenge the requests are charged for my billing ? I mean by example in a HTTP Flood attack, they wouldnt pass the challenge like that but it will be counted for my billing ?

#5

From the same billing article I linked above:

Rate Limiting is billed based on the number of good (not blocked) requests that match your defined rules across all your websites.

So you are not billed for anything you block, only what you allow. Enterprise plans pay a flat fee agreed in their contract.

#6

This topic was automatically closed after 30 days. New replies are no longer allowed.